On Thu, 2005-07-28 at 17:58, James Y Knight wrote: > If you use the fsfs storage mechanism for subversion, it is somewhat > simpler to verify that the repository is not compromised. Each commit > is represented as a separate file, and thus old commits are never > modified. Only new files are appended to the directory. If you have a > filesystem that allows "append-only" permissions on a directory, you > can enforce this directly. Additionally, it is possible in your > backup script to verify that only new files were added and nothing > else changed. > > Then at least you know how much you need to examine instead of having > to treat the entire repository as possibly contaminated.
Would it buy us any additional piece of mind to checksum the transaction files as they're committed and store those checksums outside the repository? -Barry
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
